- From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
- Date: Thu, 07 Jul 2016 08:08:22 +0000
- To: public-media-capture-logs@w3.org
> The sandbox model which has new potentially dangerous feature disabled by default is something we hope people to use for their cross-origin iframes in general, right? > > And by making this feature disabled by default for even non-sandbox, aren't you just making the normal model be aligned with the sandbox model that has a growing and unbounded set of restrictions which you are disapproving? I'm not disapproving of the growing unbounded set of restrictions; I'm saying that the fact that by opting in to sandbox, you're opting in to a growing unbounded set of restrictions makes it less likely people will be opting in. I prefer the model where the default is right. > This actually applies to many of other sandbox flags, including pointerlock, top navigation, modals, and probably even popups. OK; if this is the direction where the overall platform is going toward, it probably does not make much sense to make `getUserMedia` an exception. Since I suspect there are many more cross-origin iframes than there are sandboxed iframes, I don't think that's great, but I agree there is value in consistency, especially noting your other remark: > Also without sandbox, pages can escape from this restriction via a top navigation or popup. -- GitHub Notification of comment by dontcallmedom Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/268#issuecomment-231011200 using your GitHub account
Received on Thursday, 7 July 2016 08:08:31 UTC